projects/crypto-fsn.mdwn

   1 [[!meta title="Sketches for a federated social network using strong crypto to protect the user's data"]]
   2
   3 Network structure
   4 -----
   5
   6 The network structure is decentralized; status updates, posts, etc. are
   7 transferred between endpoints. Users are identified by addresses that
   8 follow RFC 822. Protocol is unclear:
   9
  10 * XMPP: wide-spread and allows easy implementation of a chat, has integrated
  11   authentication, however not very light-weight to implement
  12 * OStatus: used by Diaspora, StatusNet, identi.ca
  13 * Salmon?
  14 * RSS/RSS Cloud?
  15 * PubSubHubbub: pull-based, apparently not used frequently
  16
  17 Concept
  18 ----
  19
  20 All users have a private key and a keyring of public keys. "Friend"
  21 requests are directed, the inquired person has to approve friendship.
  22 Positive acknowledgement of this request leads to addition of the inquirer's
  23 key to the user's keyring. All status updates, pictures, ... the user posts
  24 are encrypted with the keys in his kearing, so only the followers can actually
  25 encrypt and see it. NO PLAIN-TEXT COPYING OF CONTENT!
  26
  27 Pro:
  28
  29 * encryption prevents accidental data leakage
  30 * the user has full control about who can see the data
  31
  32 Contra:
  33
  34 * encryption makes the process slow, needs additional cpu cycles
  35 * advertising encryption could lead to false security, as the content can
  36   still be distributed through explicit downloads by trusted users
  37 * encryption for every single person in keyring leads to much traffic
  38
  39 Problems:
  40
  41 * "Reposts"? If so, content can't be encrypted => checkbox: repost yes/no?
  42 * Groups? Generate public/private key for each group?
  43 * How is the data stored on disk?
  44 * Private keys must be very well protected on the endpoint
  45